Recently, there has been increasing scrutiny of weather apps and the data that they collect. There have been public outcries after investigations and research have revealed mobile apps are tracking the locations of their users even when they say no to sharing the location data.

In Los Angeles, City Attorney Mike Feuer filed suit in early January against TWC Product and Technology, the maker of the Weather Channel mobile app. He accused the app of “covertly mining the private data of users and selling the information to third parties, including advertisers.”

The complaint alleges that TWC used the geolocation tracking technology present in the app to monitor where users live, work, and visit, twenty-four hours a day, as well as how much time users spend at each location. The complaint further alleges that TWC led its users to believe that their location data would only be used to provide them with “personalized local weather data, alerts and forecasts.” Instead, TWC allegedly sends this information to affiliates of its parent company, IBM, and other third parties for advertising and other commercial purposes entirely unrelated to the weather.

The lawsuit alleged that TWC buried the location-tracking information in its privacy policy. It seeks an injunction “prohibiting TWC from continuing to engage in allegedly unfair and fraudulent business activities, including deceptively collecting and selling personal data, as well as Civil Penalties up to $2,500 for each violation.”

IBM’s initial response was to tell the New York Timesthat TWC “has always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously.”

But recently, TWC’s app added a new pop-up, and Feuer’s office states the pop-up says, “We use and share your location data as disclosed in our privacy policy, including to provide you with personalized local weather data, alerts, and geographically relevant advertising.” The lawsuit is ongoing.

“In 2018, it was the sixth most popular weather app in the U.K. and in Canada, and in 2017 it was among the 20 most popular in the U.S., according to App Annie,” the Wall Street Journal reported. The app is only available on Google’s Android system.

And in August 2017, security researcher Will Strafach found “the AccuWeather application for iOS requests location access under the premise of providing users localized severe weather alerts, critical updates, and faster launch time. Granting access to location information will also cause the application to send the following bits of information off to ’revealmobile.com’: Your precise GPS coordinates, including current speed and altitude. The name and ‘BSSID’ of the Wi-Fi router you are currently connected to, which can be used for geolocation through various online services. Whether your device has bluetooth turned on or off.”

He continued: “If you do not grant AccuWeather access to your GPS information, it will still send your Wi-Fi router name and BSSID, providing RevealMobile access to less precise location information regarding your device’s whereabouts.”

ZDNet was able to verify the researcher’s findings, saying it was “able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router’s MAC address and public data.” Reveal Mobile is a company that provides information to advertisers.

After news reports revealed that the AccuWeather app was transmitting individuals’ location data to Reveal Mobile even when the individuals did not allow location-tracking, a joint statement was released by the companies. “Reveal is updating its SDK and pushing out new versions of the [software kit] in the next 24 hours, with the iOS update going live [Tuesday],” an AccuWeather spokesperson told ZDNet. “The end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing.”

Individuals’ location data can reveal highly sensitive personal information – your set patterns for work and home; your physician and dentist; your child’s school or afterschool activities; or a detour to a medical center that focuses on substance abuse. There are significant privacy concerns surrounding location-tracking.

As always, any programs that collect such data need strong, publicly viewable rules that follow the Fair Information Practices: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability. Especially in some of these cases concerning weather apps, it is unclear if collection limitation, purpose specification, use limitation, openness, individual participation, and accountability were followed. It should not be that simply using a weather app means that your privacy is at risk.